THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:

1. A method of verifying a transaction over a data communication system between a
first and second correspondent through the use of a certifying authority having
control of a certificate's validity, said certificate being used by at least said first
correspondent, said method comprising the steps of:

a) one of said first and second correspondents advising said certifying
authority that said certificate is to be validated;

b) said certifying authority verifying the validity of said certificate attributed
to said first correspondent;

c) said certifying authority generating implicit signature components
including specific authorization information;

d) forwarding to said first correspondent at least one of said implicit
signature components for permitting said first correspondent to generate
an ephemeral private key;

e) forwarding to said second correspondent at least one of said implicit
signature components for permitting recovery of an ephemeral public key
corresponding to said ephemeral private key;

f) said first correspondent signing a message with said ephemeral private key
and forwarding said message to said second correspondent; and

g) said second correspondent attempting to verify said signature using said
ephemeral public key and proceeding with said transaction upon
verification.

2. A method as defined in claim 1, wherein said second correspondent advises said
certification authority that said certificate is to be validated upon receiving an
initial message from said first correspondent.

3. A method as defined in claim 2, wherein said at least one of said implicit
signature components is forwarded to said second correspondent by said
certifying authority.
4. A method as defined in claim 3, wherein said at least one of said implicit
signature components is forwarded to said first correspondent by said second
correspondent.

5. A method as defined in claim 4, wherein said generated implicit signature
components include:

a) y_i, where y_i = kP + rP, and where k is a long term private key of said first
correspondent, r is a random integer generated by said certification
authority, and P is a point on a curve; and

b) s_i, where s_i = r - c·H(A_i, y_i), and where c is a long term private key of said
certifying authority, A_i includes at least one distinguishing feature of said
first correspondent and said specific authorization information, and H
indicates a secure hash function;

wherein said long term private key of said first correspondent is sent to said
certifying authority prior to said verification transaction.

6. A method as defined in claim 5, wherein A_i, y_i and s_i are forwarded to said
second correspondent and s_i is forwarded to said first correspondent.

7. A method as defined in claim wherein said distinguishing feature includes at
least one of a name of said first correspondent, a telephone number of said first
correspondent, and an address of said first correspondent.

8. A method as defined in claim 5, wherein said specific authorization information
includes at least one of a time of said transaction and a date of said transaction.

9. A method as defined in claim 6, wherein said ephemeral private key is generated
according to a_i = k + s_i, where a_i is said ephemeral private key.
10. A method as defined in claim 9, wherein said ephemeral public key is recovered
according to a_i P = y_i - H(A_i, y_i)·cP, where a_i P is said ephemeral public key and cP is
said certifying authority's public key.

11. A method as defined in claim 10, wherein said certifying authority verifies the
validity of said certificate attributed to said first correspondent by checking a list
for determining if said certificate has been revoked.

12. A method as defined in claim 10, wherein said ephemeral private key is a
transaction specific private key and said ephemeral public key is a transaction
specific public key.

13. A method as defined in claim 2, wherein said first correspondent advises said
certification authority that said certificate is to be validated.

14. A method as defined in claim , wherein said at least one of said implicit
signature components is forwarded to said first correspondent by said certifying
authority.

15. A method as defined in claim 14, wherein said at least one of said implicit
signature components is forwarded to said second correspondent by said first
correspondent.

16. A method as defined in claim 15, wherein said generated implicit signature
components include:

a) y_i, where y_i = kP + rP, and where k is a long term private key of said first
correspondent, r is a random integer generated by said certification
authority, and P is a point on a curve; and

b) s_i, where s_i = r - c·H(A_i, y_i), and where c is a long term private key of said
certifying authority, A_i includes at least one distinguishing feature of said
first correspondent and said specific authorization information, and H
indicates a secure hash function;

wherein said long term private key of said first correspondent is sent to said
certifying authority prior to said verification transaction.

17. A method as defined in claim 16, wherein A_i, y_i and s_i are forwarded to said first
correspondent, and A_i and y_i are forwarded to said second correspondent.

18. A method as defined in claim 16, wherein said distinguishing feature includes
at least one of a name of said first correspondent, a telephone number of said first
correspondent, and an address of said first correspondent.

19. A method as defined in claim 16, wherein said specific authorization information
includes at least one of a time of said transaction and a date of said transaction.

20. A method as defined in claim 17, wherein said ephemeral private key is generated
according to a_i = k + s_i, where a_i is said ephemeral private key.

21. A method as defined in claim 20, wherein said ephemeral public key is recovered
according to a_i P = y_i - H(A_i, y_i)·cP, where a_i P is said ephemeral public key and cP is
said certifying authority's public key.

22. A method as defined in claim 21, wherein said certifying authority verifies the
validity of said certificate attributed to said first correspondent by checking a list
for determining if said certificate has been revoked.

23. A method as defined in claim 21, wherein said ephemeral private key is a
transaction specific private key and said ephemeral public key is a transaction
specific public key.
24. A method as defined in claim 15, wherein said generated implicit signature
components include a parameter for indicating a predetermined permission for
said first correspondent, said second correspondent granting access to said first
correspondent according to said predetermined permission upon verification of
said signature.

25. A method as defined in claim 15, wherein said generated implicit signature
components include:

a) y_A, where y_A = aP + c_A P, and where aP is a long term public key of said
first correspondent, c_A is a random integer generated by said certifying
authority, and P is a point on a curve; and

b) s_A, where s_A = h(y_A || A_i || cP)·c + c_A (mod n), and where A_i includes at
least one distinguishing feature of said first correspondent, where c is a
long term private key of said certifying authority, n is a large prime
number, and h indicates a secure hash function.

26. A method as defined in claim 23, wherein y_A and s_A are forwarded to said first
correspondent, and A_i and y_A are forwarded to said second correspondent by said
first correspondent.

27. A method as defined in claim 25, wherein said distinguishing feature includes
at least one of a name of said first correspondent, a telephone number of said first
correspondent, and an address of said first correspondent.

28. A method as defined in claim 25, wherein said specific authorization information
includes at least one of a time of said transaction and a date of said transaction.

29. A method as defined in claim 26, wherein said ephemeral private key is generated
according to d = a + s_A, where d is said ephemeral private key.
30. A method as defined in claim 29, wherein said ephemeral public key is recovered
according to Q_A = h(y_A || A_i || Q_C)·Q_C + y_A, where Q_A is said ephemeral public
key and Q_C is said certifying authority's long term public key.

31. A method as defined in claim 30, wherein said certifying authority recertifies said
certificate attributed to said first correspondent by changing said random integer,
c_A.

32. A method as defined in claim 30, wherein said ephemeral private key is a
transaction specific private key and said ephemeral public key is a transaction
specific public key.

33. A method as defined in claim 15, wherein said generated implicit signature
components include:

a) i, where i is a certification period;

b) s_A, where s_A = r_i·c + k_i + c_A (mod n), n is a large prime number, c is a long
term private key of said certifying authority, c_A and k_i are random integers,
and r_i = h(y_A || A_i || cP || k_i P || i), where A_i includes at least one
distinguishing feature of said correspondent and said specific authorization
information, P is a point on a curve, and h indicates a secure hash
function;

wherein y_A = aP + c_A P, and where aP is a long term public key of said
correspondent and y_A has previously been determined by said certifying authority
and forwarded to said correspondent.

34. A method as defined in claim 33, wherein i and s_A are forwarded to said first
correspondent, and A_i and y_A are forwarded to said second correspondent by said
first correspondent.

35. A method as defined in claim 33, wherein said distinguishing feature includes
at least one of a name of said first correspondent, a telephone number of said first
correspondent, and an address of said first correspondent.

36. A method as defined in claim 33, wherein said specific authorization information
includes at least one of a time of said transaction and a date of said transaction.

37. A method as defined in claim 34, wherein said ephemeral private key is generated
according to d_i = a + s_A, where d_i is said ephemeral private key.

38. A method as defined in claim 37, wherein said ephemeral public key is recovered
according to Q_A = r_i·Q_C + y_A + Q_i, where Q_A is said ephemeral public key, Q_i is
said certifying authority's certification period public key, and Q_C is said
certifying authority's long term public key.

39. A method as defined in claim 38, wherein said certifying authority recertifies said
certificate attributed to said first correspondent for each certification period, i, by
changing said random integers k_i.

40. A method as defined in claim 38, wherein said ephemeral private key and said
ephemeral public key have a predetermined period of validity.

41. A method as defined in claim 40, wherein said predetermined period of validity is
one transaction.

42. A method as defined in claim 40, wherein said predetermined period of validity is
a predetermined number of transactions.

43. A method as defined in claim 40, wherein said predetermined period of validity is
a predetermined time period.
44. A method for certifying a correspondent through the use of a certifying authority
having control of a certificate's validity, said method comprising the steps of:

a) said certifying authority generating a first random number having a value;

b) generating implicit signature components based on said first random
number;

c) publishing a public key of said certifying authority for use in verifying
said correspondent;

d) forwarding said implicit signature components from said certifying
authority to said correspondent;

wherein said certifying authority recertifies said correspondent's certificate by
changing said value of said first random number.

45. A method as defined in claim 44, wherein c_A is said first random number
generated by said certifying authority and said implicit signature components
include:

a) y_A, where y_A = aP + c_A P, and where aP is a long term public key of said
correspondent and P is a point on a curve; and

b) s_A, where s_A = h(y_A || A_i || cP)·c + c_A (mod n), and where c is a long term
private key of said certifying authority, n is a large prime number, A_i is an
identifier of said correspondent and includes at least one distinguishing
feature of said correspondent, and h indicates a secure hash function.

46. A method as defined in claim 45, wherein said correspondent is recertified by
forwarding said implicit signature components for said first random number
having said changed value from said certifying authority to said correspondent.

47. A method as defined in claim 43, wherein said random integer has said value
for one certification period, said value being changed for other of said
certification periods.
48. A method as defined in claim 47, wherein k_i is said first random integer generated
by said certifying authority for an i-th certification period and said implicit
signature components include:

c) i, where i is a current certification period;

d) s_A, where s_A = r_i·c + k_i + c_A (mod n), n is a large prime number, c is a long
term private key of said certifying authority, c_A is a second random
integer and r_i = h(y_A || A_i || cP || k_i P || i), where A_i includes at least one
distinguishing feature of said correspondent, P is a point on a curve, and h
indicates a secure hash function;

wherein y_A = aP + c_A P, and where aP is a long term public key of said
correspondent and y_A has previously been determined by said certifying authority
and forwarded to said correspondent.

49. A method as defined in claim 48, wherein said published information further
includes k_i P and i.

50. A method as defined in claim 49, wherein said correspondent is recertified by
forwarding said implicit signature components for said first random number
having said changed value from said certifying authority to said correspondent.
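The certification-period variant of claims 33, 37, 38 and 48 to 50, worked through as an added example that is not part of the patent: the certifying authority issues (i, s_A), the first correspondent forms d_i = a + s_A, and the second correspondent recovers Q_A = r_i·Q_C + y_A + Q_i from published data alone, so d_i·P = Q_A is the check that binds A_i to the key. Assumptions: secp256k1 is used as the curve and SHA-256 as h (both our choice of instantiation), the hash-input encoding is ours, and the private scalars and identity string are constructed stand-ins for the random and secret values.

```python
import hashlib
# Group: secp256k1 (standard constants); the claims only require a point P of prime order n.
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity

def add(A, B):  # affine point addition on y^2 = x^3 + 7 over F_p
    if A is O: return B
    if B is O: return A
    if A[0] == B[0] and (A[1] + B[1]) % p == 0: return O
    if A == B: lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, p)
    else:      lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, p)
    x = (lam * lam - A[0] - B[0]) % p
    return (x, (lam * (A[0] - x) - A[1]) % p)

def mul(k, A):  # double-and-add scalar multiplication k*A
    R = O
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def enc(f):  # hash-input encoding (our choice): bytes as-is, int as 32 bytes, point as x||y
    if isinstance(f, bytes): return f
    return enc(f[0]) + enc(f[1]) if isinstance(f, tuple) else f.to_bytes(32, "big")
def h(*fields):  # h(.||.||...) of the claims: SHA-256 over the concatenation, reduced mod n
    return int.from_bytes(hashlib.sha256(b"".join(map(enc, fields))).digest(), "big") % n

def ca_certify(c, c_A, k_i, i, aP, A_i):
    """CA (claims 33/48): y_A = aP + c_A*P, r_i = h(y_A||A_i||cP||k_i*P||i),
    s_A = r_i*c + k_i + c_A (mod n); returns y_A and the (i, s_A) sent to the correspondent."""
    y_A = add(aP, mul(c_A, P))
    r_i = h(y_A, A_i, mul(c, P), mul(k_i, P), i)
    return y_A, i, (r_i * c + k_i + c_A) % n

def recover_public(Q_C, Q_i, i, y_A, A_i):
    """Second correspondent (claim 38): Q_A = r_i*Q_C + y_A + Q_i from published data only."""
    return add(add(mul(h(y_A, A_i, Q_C, Q_i, i), Q_C), y_A), Q_i)
# Constructed demo values; the scalars stand in for the secret and random choices of the claims.
c, a, c_A = 0x1D3B7, 0x2C5F1, 0x3A9E5          # CA long-term key c, correspondent key a, c_A
A_i = b"Alice; tel 555-0100; txn 2001-01-15"    # distinguishing feature + authorization info
Q_C, aP = mul(c, P), mul(a, P)                   # published long-term public keys
def run(k_i, i):
    """One certification period i with CA period secret k_i: returns (d_i*P == Q_A, d_i, Q_A)."""
    y_A, i, s_A = ca_certify(c, c_A, k_i, i, aP, A_i)
    d_i = (a + s_A) % n                                  # claim 37: d_i = a + s_A
    Q_A = recover_public(Q_C, mul(k_i, P), i, y_A, A_i)  # k_i*P and i are published (claim 49)
    return mul(d_i, P) == Q_A, d_i, Q_A
```

Running run() for two periods with different k_i shows the recertification of claim 39: each period yields a distinct d_i, and a key from one period does not match the Q_A recovered for another.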